Vulnerability Description
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Enterprise Virtualization | 3.5 |
| Jasper Project | Jasper | 1.900.1 |
References
- http://bugs.gentoo.org/attachment.cgi?id=163282&action=viewExploit
- http://bugs.gentoo.org/show_bug.cgi?id=222819
- http://rhn.redhat.com/errata/RHSA-2015-0698.html
- http://secunia.com/advisories/33173
- http://secunia.com/advisories/34391
- http://security.gentoo.org/glsa/glsa-200812-18.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:142
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:144
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:164
- http://www.securityfocus.com/bid/31470
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slack
- http://www.ubuntu.com/usn/USN-742-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45623
FAQ
What is CVE-2008-3522?
CVE-2008-3522 is a vulnerability with a CVSS score of 10.0 (HIGH). Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_...
How severe is CVE-2008-3522?
CVE-2008-3522 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-3522?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Virtualization, Jasper Project Jasper.